Date: Wed, 29 Sep 2004 13:49:50 +1200
From: "Gareth Humphries" <ghumphries@...z.govt.nz>
To: <bugtraq@...urityfocus.com>
Subject: Re: Diebold Global Election Management System (GEMS) Backdoor
	Account Allows Authenticated Users to


>
>
>>>> Simon <lists@...e.org.uk> 29/09/2004 08:20:09 >>>
>Marco S Hyman wrote:
> >
> > All I demand from a voting system is that votes can be voter verified.
> > That's not true of ANY voting machine regardless of who writes the code
> > unless there is a hard copy audit trail.   If there is a hard copy audit
> > trail then it doesn't make any difference who wrote the code.
>
>How do you know that the software generating the audit trail is playing
>fair if it's closed source?
>
>Sometimes, IMHO, there's just no alternative to pen and paper.  Surely
>the manual method of ticking a box and having multiple human vote
>counters checking ballots is the best option going, even if it is more
>expensive.  (I confess I've no idea what costs are involved either way.)

But how can you trust the _COUNTERS_?  

The problem is - there is always a weak link.  There's always some part
of the process we cannot trust, what we have to decide is how much
mistrust we can tolerate, and where.
In the pen and paper system, it's sufficiently minimised through
accountability (if the boss catches you counting a 'Bob' paper, and
marking it down for 'Hank' - he'll fire you on the spot. He SAW YOU do
it), and dispersal (if there are 100,000 counters, and one is corrupt,
it's only 0.001% of the total votes at risk).

Walk into the booth, push the button for your candidate.  The machine
prints a receipt which is visible behind a glass window.  You look at
the receipt, and touch the 'Yes - that's correct' button.  It then dumps
the receipt in a big box marked 'Audit' (or 'Plan "B"'), and you leave
the booth feeling happy.  No guarantees about the software, but if a
recount based on paper eventuates - it's trustworthy.

In terms of the software though - how does this sound:  Have the
machines run a cut down OS that distributes pre-compiled binary files of
open source packages (i.e. RPM) - include on the system the python binary,
and associated libraries.  Write all the code in python.  You can now
pull the ACTUAL source code off of a voting machine after the election,
and audit it.  You know it's the software that was used, because, well,
you just used it.   :-)  
You can then run a checksum on the binaries used, to ensure they are
the same as the pre-compiled binaries distributed around the globe. 
This only leaves the hardware still corruptible (and the BIOS, esp) -
perhaps have every booth supply an old 486+ touchscreen to install the
software on...



Gareth Humphries
IT Specialist
IBM New Zealand Ltd
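
The checksum comparison proposed in the message above, as an added example that is not part of the original post: it hashes every file under a machine's software tree and compares the result with a reference manifest built from the distributed build. The directory layout, file names and contents are constructed for the demonstration, and SHA-256 is an assumed choice of checksum.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def audit(reference, root):
    """Compare a machine's tree against the published reference manifest."""
    found = build_manifest(root)
    return {
        "modified": sorted(p for p in reference if p in found and found[p] != reference[p]),
        "missing": sorted(p for p in reference if p not in found),
        "unexpected": sorted(p for p in found if p not in reference),
    }

def demo():
    """Constructed sample: a reference build and a machine copy that has drifted."""
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as machine:
        files = {"bin/python": b"\x7fELF-constructed", "vote/tally.py": b"count += 1\n"}
        for tree in (ref, machine):
            for rel, data in files.items():
                path = os.path.join(tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        reference = build_manifest(ref)
        # Simulate an altered source file and an extra module on the machine.
        with open(os.path.join(machine, "vote", "tally.py"), "wb") as f:
            f.write(b"count += 2\n")
        with open(os.path.join(machine, "vote", "extra.py"), "wb") as f:
            f.write(b"pass\n")
        return audit(reference, machine)

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the environment that runs it, so the hashing should be done from separate trusted media rather than by the audited machine's own OS.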

